Cybersecurity Newsletter


Welcome to 2023! Here is to having a great year! To that end, you have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.

This week's newsletter is dedicated to all the education IT & Security Leaders out there doing what they do best and often not receiving enough recognition.

Thank you from Mark Lynd - #1 Ranked Global Security Thought Leader

NOTE: To ensure you have a more positive newsletter experience, we have moved to a new platform called Ghost and this is the first Morning Boot newsletter from it. Ghost is a more credible and creative curation platform that uses more care and higher authenticity when sending out email. Bottom line... better experience for you, the reader. If you want to ensure you get this newsletter every week, please add our "from" address to your contact list. If you would like to Unsubscribe please scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

  • Cyber Bits & Bytes
  • Early Warning - Burnout is real! 7 Reasons Why People Matter in Cybersecurity
  • Featured Article - 23 Cybersecurity Predictions for 2023
  • Cyber Quote - Bruce Schneier, Recognized Top Cybersecurity Expert
  • Free Cybersecurity Resources - eBooks, tools, apps & services
  • Trending Story - Ransomware ecosystem becoming more diverse for 2023
  • Cybersecurity News Highlights
  • Cyber Scam of the Week - Is Your Grandma Really Selling Furniture on Social Media?
  • Social Posts of the Week


Cyber Bits & Bytes

Useful Ransomware article by Chad Kime on eSecurity Planet titled: "Ransomware Protection: How to Prevent Ransomware Attacks". In the article he covers in detail best practices in dealing with ransomware. Definitely worth a read.

Hacktivism Is Back and Messier Than Ever, per a Wired article by Matt Burgess. Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

Interesting article titled "Who should make cyber risk management decisions", in Deploying Securely by Walter Haydock, as he suggests that it is not information security professionals that should make the decision. Whether you agree or not it is interesting.

Reported phishing attacks have quintupled, per an Anti-Phishing Working Group ("APWG") report. Read more via this Help Net Security article. Did you know that you can report specific phishing emails to APWG on their website found here?

Everyone has probably heard all about ChatGPT. For those who haven't, ChatGPT is an acclaimed chatbot launched by OpenAI in November 2022. It is built on top of OpenAI's GPT-3.5 family of large language models, and is fine-tuned with both supervised and reinforcement learning techniques, per Wikipedia. It is one of the fastest growing website applications in history and reached one million users by December 4th, 2002 (in only 12 days). Well, did you know there are security implications to ChatGPT? Learn more in the article by Walter Haydock.


Early Warning

Burnout is real! 7 Reasons Why People Matter in Cybersecurity

People are an essential element in cybersecurity. While some may point out they can be burned out and potentially become a weakness, the bolder view is that, if properly cared for, trained, positioned and prepared, they can have a very positive impact on an organization’s security posture.

Here are 7 Reasons Why People Matter in Cybersecurity:

1. Leadership: Effective leadership is crucial in cybersecurity, as it sets the tone for the entire organization's approach to security. Leaders have the ability to influence the culture and priorities of their organization, recognize burn-out in their staff, and can ensure that security is integrated into all aspects of the business. They also play a key role in ensuring that the right resources are allocated towards cybersecurity efforts and that there is a clear plan in place for addressing potential threats.

2. Communication: Good communication is essential in the field of cybersecurity, as it helps to ensure that everyone in the organization is aware of potential threats and knows how to respond to them. This includes both verbal and written communication, as well as the ability to effectively communicate technical information to non-technical stakeholders. It will help leaders identify and care for those staff members that might be suffering or heading towards burn-out. Strong communication skills also help to facilitate collaboration and coordination between different teams and departments, which is critical for an effective security strategy.

3. Understanding the threat: In order to effectively defend against cyber threats, it is essential for individuals to have a deep understanding of the types of threats that exist and how they can impact an organization. This includes understanding the tactics and techniques used by attackers, as well as the potential consequences of a security breach. By staying up-to-date on the latest threats and trends in the field, individuals can better protect their organization and help prevent successful attacks.

4. Developing & executing a security plan: A well-defined security plan is the foundation of any effective cybersecurity strategy. It outlines the specific measures and controls that an organization has in place to protect against potential threats, as well as the procedures for responding to incidents when they occur. Individuals who are responsible for developing and executing a security plan must have a thorough understanding of the organization's assets and vulnerabilities, as well as the ability to assess risk and prioritize security efforts accordingly.

5. Responding to incidents: When a cybersecurity incident does occur, it is essential that individuals have the skills and knowledge necessary to respond quickly and effectively. This includes having a clear plan in place for incident response, as well as the ability to identify the scope and impact of the incident, contain it, and recover from it. It also involves effective communication with all relevant parties, including stakeholders, customers, and the media.

6. Training others: Ensuring that all employees in an organization have the necessary skills and knowledge to identify and respond to potential threats is critical to the overall security of the organization. This includes providing ongoing training and education to employees on topics such as best practices for password management, spotting phishing attempts, and other security-related topics. By providing regular training and reminders, organizations can help to reduce the risk of successful attacks.

7. Promoting diversity: Diversity and inclusion are important factors in cybersecurity, as they can help to bring a variety of perspectives and approaches to problem-solving. By promoting diversity in the workplace, organizations can also help to create a more inclusive and welcoming environment, which can lead to better collaboration and more effective decision-making. Additionally, promoting diversity can help to attract and retain top talent, which is essential for building a strong and capable cybersecurity team.

People are an essential ingredient in the effective cybersecurity equation. They often go unrecognized and are over-worked. It is very important for leadership in an organization to value and recognize their cybersecurity teams to attract, retain and motivate their precious cybersecurity assets.

Original Article by Mark Lynd


Featured Original Article

23 Cybersecurity Predictions for 2023 by Mark Lynd, ranked #1 Security Thought Leader

The Road Ahead Will Be Challenging

As we head into 2023, cybersecurity is even more important for a number of reasons. First, the cost of cyber attacks is increasing. According to a recent study, the average cost of a data breach is over $3 million. This can be financially devastating for businesses, particularly small and medium-sized enterprises. In addition, a cyber attack can damage a company's reputation and lead to lost customers.

Second, the threat of cyber attacks is constantly evolving as attack surfaces continue to grow and threat vectors are increasing. This makes for a dangerous mix. Attackers are constantly developing new tactics and technologies to bypass cybersecurity measures. This means that businesses need to be constantly vigilant and update their defenses and have a strong incident response and recovery capability to stay ahead of these threats.

Also, the increasing use of technology in all aspects of life means that the potential for cyber attacks is greater than ever before. From personal devices and social media to business systems and critical infrastructure, the use of technology is more widespread and the risks associated with cyber attacks against them are significant.

Keeping Up With The Latest In Cybersecurity Is Tough

Keeping up with the latest in cybersecurity is a full-time job and security professionals are busy and over-worked. Also, it is difficult to make specific predictions about cybersecurity, as the field is constantly evolving, and it is difficult to predict what new threats and challenges may emerge. However, based on trends and current developments in the field, I have made 23 cybersecurity predictions for 2023 below to potentially help guide your way into the new year.

  1. Cybersecurity will become a top priority for businesses of all sizes. As the cost of cyber-attacks continues to rise, businesses of all sizes will recognize the importance of protecting themselves against these threats. This could include implementing robust cybersecurity policies, training employees on how to spot and avoid phishing scams, and investing in technologies and solutions to protect against cyber-attacks.

  2. Cybersecurity professionals will need to continually invest in themselves and stay up to date on the latest technologies and tactics being used by attackers. As the threat landscape continues to evolve, it will be important for cybersecurity professionals to utilize threat-hunting and threat intelligence and stay up to date on the latest technologies and tactics being used by attackers. This will also require ongoing training and education to ensure that they are equipped to protect their organizations against emerging threats.

  3. Collaboration between the business and cybersecurity professionals will become more important. As the threat of cyber-attacks continues to evolve, it's important for businesses to work closely with cybersecurity professionals to identify and address potential threats. This could include sharing information, best practices, cybersecurity training and awareness programs, as well as participating in incident response planning and execution as needed.

  4. Collaboration between the business and cybersecurity professionals will become more important. As the threat of cyber-attacks continues to evolve, it's important for businesses to work closely with cybersecurity professionals to identify and address potential threats. This could include sharing information, best practices, cybersecurity training and awareness programs, as well as participating in incident response planning and execution as needed.

  5. Cybersecurity awareness campaigns will become more important. As the threat of cyber-attacks continues to grow, it's important for businesses to educate their employees and customers on how to protect themselves. This can include providing information on how to spot and avoid phishing scams, using strong passwords, and keeping systems and software up to date.

  6. Cybersecurity standards and frameworks will become more integrated. As the importance of cybersecurity continues to grow, various standards and frameworks like NIST and Zero Trust for protecting against cyber threats will become more popular and interconnected. This will help businesses better understand their risks and take a more holistic approach to cybersecurity.

  7. Cybersecurity regulations and compliance requirements will continue to evolve. As the threat of cyber-attacks increases, governments and industry organizations will continue to develop new regulations and standards to help businesses protect against these threats. Businesses will need to stay up to date on these requirements and ensure that they are in compliance.

  8. Cyber insurance will become more widely adopted. As the cost of cyber-attacks continues to rise, businesses will increasingly turn to cyber insurance to protect against financial losses. Cyber insurance policies can provide coverage for things like legal fees, data restoration, and business interruption costs.

  9. Expect to see the importance of incident response planning grow significantly as many cybersecurity professionals realize that, with zero-day attacks and the growing sophistication of bad actors, avoiding or preventing an attack is increasingly less likely. Therefore, it is important for organizations of all sizes to have a plan in place to deal with potential incidents. This may involve developing and testing a detailed incident response plan, training employees, establishing incident response teams, involving leadership and stakeholders, and implementing measures such as backup and recovery systems.

  10. You will see greater use of automation in incident response planning. Automation can help to speed up the response to an incident, allowing organizations to quickly identify and address problems before they become more serious. This may involve using artificial intelligence (AI) and machine learning (ML) technologies to analyze large amounts of data and identify potential threats, as well as automating certain aspects of the response process to facilitate more complete and rapid recovery.

See and Read 13 More Predictions


Cyber Quote

Quote by Bruce Schneier - "Data is the pollution problem of the information age and protecting privacy is the environmental challenge".

Free Resources


Trending Story

Ransomware ecosystem becoming more diverse for 2023
The decline of big ransomware groups like Conti and REvil has given rise to smaller gangs, presenting a threat intelligence challenge.

Other Bytes

The nation’s second-largest school system was just hit by a cyberattack. Why do attackers target schools? - Poynter
Plus, why experts have reason to hope there will be no fall COVID-19 surge, how climate change is related to disease outbreaks, and more.

How to Decrypt Files Encrypted by Ransomware
Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.

4 strategy game-changers for finding cybersecurity talent
Some CISOs are shaking up their staffing plans to address the challenges of recruiting, hiring and retaining cybersecurity workers – and finding success in their moves.


Cyber Scam of the Week

Is Your Grandma Really Selling Furniture on Social Media?

For years, cybercriminals have used social media to post fake listings for popular items such as furniture or electronics. As these scams have grown in popularity, many people have learned to be careful when buying items online from strangers. Now, cybercriminals are impersonating people you trust to lure you into their fake listing scams.

In a recent scam, cybercriminals use social engineering to gain access to the social media accounts of everyday users like your friends and family. If they’re successful, the cybercriminals will post items for sale from the hacked account. Since the listing appears to be from someone who you know and trust, it may seem legitimate. However, if you try to buy the item from the seller, you won’t receive the item you wanted. Instead, your money will go directly to the cybercriminals!

Follow the tips below to stay safe from similar scams:

  • Watch out for social media listings that offer popular items at a price that seems too good to be true. These scams rely on impulsive actions, so always think before you click.

  • Verify that listings are legitimate before taking action. Contact the poster using another method of communication, such as a phone call or text message.

  • Don’t let your social media account be used against your friends and family. Protect your login credentials by creating unique, strong passwords for each of your accounts.

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4


Cybersecurity Social

Just a couple of interesting social posts



Questions, Suggestions & Sponsorships? Please email: mark@marklynd.com

Mark C Lynd

Head of Digital Business at Netsync. Recognized as top 5 globally ranked thought leader, author, and speaker for AI, cloud and Cybersecurity. He has been a CIO and CISO for several global companies.